Accepting request 1190852 from devel:tools

OBS-URL: https://build.opensuse.org/request/show/1190852 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/patch?expand=0&rev=48
2024-08-02 15:25:27 +00:00 · 2024-08-02 15:25:27 +00:00 · 71f68bb3b0
commit 71f68bb3b0
parent dd790c3a68 34ab9541b6
3 changed files with 32 additions and 1 deletions
--- a/CVE-2019-20633.patch
+++ b/CVE-2019-20633.patch
@ -0,0 +1,25 @@
+commit a09d9519a57e84d8e2ad592fbba09e8a9faf55f8
+Author: Wolfgang Frisch <wolfgang.frisch@suse.com>
+Date:   Tue Jul 30 14:17:32 2024 +0200
+
+    Fix double-free/OOB read in pch.c (CVE-2019-20633)
+    
+    see also: https://savannah.gnu.org/bugs/index.php?56683#comment1
+
+diff --git a/src/pch.c b/src/pch.c
+index fd9c480..57c76de 100644
+--- a/src/pch.c
+++ b/src/pch.c
+@@ -1183,8 +1183,11 @@ another_hunk (enum diff difftype, bool rev)
+     while (p_end >= 0) {
+ 	if (p_end == p_efake)
+ 	    p_end = p_bfake;		/* don't free twice */
+-	else
+	else {
+ 	    free(p_line[p_end]);
+	    p_line[p_end] = NULL;
+	    p_len[p_end] = 0;
+	}
+ 	p_end--;
+     }
+     assert(p_end == -1);
--- a/patch.changes
+++ b/patch.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue Jul 30 12:19:54 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
+
+- CVE-2019-20633.patch: Fix double-free/OOB read in pch.c (bsc#1167721)
+
 -------------------------------------------------------------------
 Thu Feb 29 14:53:57 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>

--- a/patch.spec
+++ b/patch.spec
@ -1,7 +1,7 @@
 #
 # spec file for package patch
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -40,6 +40,7 @@ Patch10:        fix-swapping-fake-lines-in-pch_swap.patch
 Patch11:        abort-when-cleaning-up-fails.patch
 Patch12:        dont-follow-symlinks-unless-asked.patch
 Patch13:        pass-the-correct-stat-to-backup-files.patch
+Patch14:        CVE-2019-20633.patch
 # See bnc#662957. The fix for CVE-2010-4651 breaks the way interdiff was
 # invoking patch, so interdiff had to be fixed too.
 Conflicts:      patchutils < 0.3.2